With Facebook requiring a secure URL for Canvas applications on October 1st, what will happen to legacy applications that have no URL specified for the Secure Canvas URL? Will they continue to load over HTTP and fail over HTTPS?

Suppose an application has URLs specified for the Canvas, Page Tab, and Secure Page Tab, but no URL specified for the Secure Canvas.. will these applications continue to function, or will they be blocked entirely because they lack a secure URL for the Canvas?

Come October 1st as the dev pages states on facebook you will be required to have a secure url. I just picked up a cheap SSL cert from godaddy for like 16 bucks for a year. i do not know if they still have the deal going on, but it definitively worth checking. Once the cert is installed on your server, you do not need to migrate anything, the whole process took like 2 hours most of which was waiting on godaddy.

We have several Facebook applications that it will be cumbersome to populate the Secure Canvas URL (no method in the Facebook API to populate this). We have the cert installed.. I'm curious about the Secure Canvas URL field and the behavior of those apps that have no URL specified.
–
Keith LantzAug 26 '11 at 13:09

You can create a HTML file that is accessible over HTTPS that just redirects to your webpage. For example, you can use dropbox. Since Facebook loads your secure canvas URL page in an iframe, your code needs to redirect the top page. Something like this.